<?php
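session_start(); // Resume the voter's session; must run before any output is sent

// Access gate for this page: the visitor must have a logged-in session, and the
// session id stored for the voter in the database must still match this session.
if (!isset($_SESSION['userNum'])) {
    header('Location: home.php');
    // A Location header does not stop the script. Without exit the rest of the
    // page is still generated and sent to a client that ignores the redirect.
    exit;
}

// Copy the values the rest of the page relies on out of the session.
// NOTE(review): the database host, user, password and schema name are read from
// the session here, so they are written to session storage at login. Confirm that
// is intended; a server-side config file is the usual place for them.
$userNum = $_SESSION['userNum'];
$pageTitle = $_SESSION['title'];
$server = $_SESSION['server'];
$user = $_SESSION['user'];
$pass = $_SESSION['pass'];
$db = $_SESSION['db'];

// checkSessionID() returns the string "True" or "False" (not a boolean).
$ifLoginIsSingle = checkSessionID($_SESSION['sid'], $userNum, $server, $user, $pass, $db);

if ($ifLoginIsSingle == "False") {
    // The voter's recorded session id no longer matches this one: drop this
    // session and send the browser back to the home page.
    session_destroy();
    header('Location: home.php');
    exit; // stop here so no candidate data is rendered for the stale session
}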
?>
<html>
<head>
<title>Candidates - <?php echo $pageTitle ?></title>
<?php include('showIcon.php'); ?>
<?php include('loadingScript.html'); ?>
</head>
<body style="background-image:url('images/bg_blue.jpg')">
<div style="position:absolute;left:75px;top: 0px">
<font face = "Arial">
<table style="width: 810px; height: 104px" border="0" cellspacing="0" cellpadding="0" >
<?php include("menuButtons.php"); ?>
</table>
<table style="width: 810px;" cellspacing="0" cellpadding="0" >
<tr>
<td style="height: 76px; width: 28px;"></td>
<td style="height: 76px" width="808px">
<?php
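// Read the filter from the query string. The links printed by the "select a
// position" branch below supply both values, but a visitor can put anything in
// the URL, so both are treated as untrusted input.
// Both are required so that the candidates shown belong to the named position.
$num = (isset($_GET['pos']) && is_string($_GET['pos'])) ? (int) $_GET['pos'] : 0;   // position number, forced to an integer
$name = (isset($_GET['name']) && is_string($_GET['name'])) ? $_GET['name'] : '';   // position name

// Connect to the database (needed by both branches, and required before
// mysql_real_escape_string() can be used).
// NOTE(review): the mysql_* extension was removed in PHP 7.0; moving to mysqli or
// PDO with prepared statements is the durable fix for the query building below.
// NOTE(review): die(mysql_error()) prints the database error text to the visitor.
mysql_connect($server, $user, $pass) or die(mysql_error());
mysql_select_db($db) or die(mysql_error());

if ($num > 0) { // A position was chosen; position numbers start at 1

    // Get all candidates for the chosen position. $num is an integer at this
    // point and $name is escaped for use inside the quoted SQL string.
    $sql = "SELECT c.Cand_Num, c.Cand_Pos, c.Cand_Name, c.Cand_Party, c.Cand_Platform, p.pos_name"
         . " FROM candidates c ,positions p"
         . " WHERE c.Cand_Pos = p.pos_num and c.Cand_Pos =" . $num
         . " and p.pos_name ='" . mysql_real_escape_string($name) . "' order by c.cand_num";
    $result = mysql_query($sql) or die(mysql_error());

    // HTML output. Every value taken from the request or the database is passed
    // through htmlspecialchars() so it is shown as text and cannot add markup.
    echo "<br><h2>View all candidates for " . htmlspecialchars($name, ENT_QUOTES) . "</h2>";

    while ($row = mysql_fetch_array($result)) { // one table per candidate

        $candNumHtml = htmlspecialchars($row['Cand_Num'], ENT_QUOTES);

        echo "<a name='" . $candNumHtml . "'></a>";
        echo "<table style='height: 165px; width: 483px'><tr>";
        echo "<td style='width: 259px; height: 32px;background-color:#333333'><font color = 'white'>&nbsp; &nbsp;Name:</font><font color = 'silver'>" . htmlspecialchars($row['Cand_Name'], ENT_QUOTES) . "</font></td>";

        // Candidate photos are stored as images/candidates/<Cand_Num>.png.
        $imgDest = "images/candidates/" . $row['Cand_Num'] . ".png";

        if (file_exists($imgDest)) {
            $imgSrc = "images/candidates/" . rawurlencode($row['Cand_Num']) . ".png";
            echo "<td style='width: 212px' rowspan='4' ><img src='" . htmlspecialchars($imgSrc, ENT_QUOTES) . "' width = '212' height = '248'></td></tr>";
        } else {
            // No photo on disk for this candidate: show the placeholder image.
            echo "<td style='width: 212px' rowspan='4' ><img src='images/nophoto.jpg' width = '212' height = '248'></td></tr>";
        }

        // The two <td> tags below were missing their closing '>' in the original markup.
        echo "<tr><td style='width: 259px; height: 41px;background-color:#6666FF'><font color = 'white'>&nbsp; &nbsp;Party:</font> <font color = 'silver'>&nbsp;" . htmlspecialchars($row['Cand_Party'], ENT_QUOTES) . "</font></td></tr>";
        echo "<tr><td style='width: 259px; height: 41px;background-color:#6666FF'><font color = 'white'>&nbsp; &nbsp;Description:</font></td></tr>";
        echo "<tr><td style='width: 259px; height: 130px'><textarea readonly style='height: 124px; width: 260px;background-color:#99ccff;font-family:sans-serif'>";
        // Escaped so that stored text cannot close the <textarea> and add markup.
        echo htmlspecialchars($row['Cand_Platform'], ENT_QUOTES) . "</textarea></td></tr></table><br>";
    }

} else { // No (valid) position chosen yet: list the positions to choose from

    // Get all the positions
    $result = mysql_query("SELECT * FROM positions") or die(mysql_error());

    echo "<br><h2>Select a position</h2>";
    while ($row = mysql_fetch_array($result)) {
        // Build the link that calls this page again with pos/name in the query
        // string: values are URL-encoded for the query string, then HTML-escaped
        // for the attribute; the visible label is HTML-escaped.
        $href = "candidates.php?pos=" . urlencode($row['pos_num']) . "&name=" . urlencode($row['pos_name']);
        echo "<br><a href = '" . htmlspecialchars($href, ENT_QUOTES) . "' style='text-decoration:none'>" . htmlspecialchars($row['pos_name'], ENT_QUOTES) . "</a> ";
    }
}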
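/**
 * Check whether the session id recorded for a voter in the database is the same
 * as the session id passed in.
 *
 * The function only reports the result; the caller decides what to do with it
 * (the page code destroys the session and redirects on "False").
 *
 * @param string $sid    session id held by the current browser session
 * @param mixed  $uname  voter number, matched against voters.voter_num
 * @param string $sver   database host
 * @param string $usr    database user
 * @param string $passwd database password
 * @param string $dbase  database name
 * @return string "True" when the ids match, "False" otherwise (strings, not booleans)
 */
function checkSessionID($sid,$uname,$sver,$usr,$passwd,$dbase){
    mysql_connect($sver, $usr, $passwd) or die(mysql_error());
    mysql_select_db($dbase) or die(mysql_error());

    // The voter number is escaped before it is placed inside the quoted SQL string.
    $querySession = mysql_query(
        "SELECT voter_current_session from voters WHERE voter_num = '"
        . mysql_real_escape_string($uname) . "'"
    );

    // Fail closed: a failed query must not count as a valid session.
    if ($querySession === false) {
        return "False";
    }

    // Initialised so that "no such voter" is a defined state rather than an
    // undefined variable that compares equal to a missing session id.
    $loggedSession = null;
    while ($sessionInDB = mysql_fetch_array($querySession)) {
        $loggedSession = $sessionInDB['voter_current_session'];
    }

    // No stored id, or no id supplied: nothing to match, so not a valid login.
    if ($loggedSession === null || $loggedSession === '' || $sid === null || $sid === '') {
        return "False";
    }

    // Compare the $sid argument (the original ignored it and read $_SESSION['sid'],
    // which is what the caller in this file passes). Strict string comparison
    // avoids PHP's loose == rules, under which different numeric-looking strings
    // can compare equal.
    if ((string) $sid === (string) $loggedSession) {
        return "True";
    }

    return "False";
}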
?>
</td>
</tr>
</table>
<br><br><br><br><br>
</div>
<?php include('bottomLinks.php'); ?>
</body>
</html>
